Processwire Security Vulnerabilities and Issues — Processwire CVE List

Lucene search

ProcesswireProcesswire

5 matches found

CVE•added 2022/10/31 12:15 p.m.•56 views

CVE-2022-40488

ProcessWire v3.0.200 was discovered to contain a Cross-Site Request Forgery (CSRF).

6.5CVSS6.5AI score0.00163EPSS

CVE•added 2022/10/31 12:15 p.m.•50 views

CVE-2022-40487

ProcessWire v3.0.200 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the Search Users and Search Pages function. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via injection of a crafted payload.

6.1CVSS6.3AI score0.00838EPSS

CVE•added 2022/02/24 3:15 p.m.•41 views

CVE-2020-27467

A Directory Traversal vulnerability exits in Processwire CMS before 2.7.1 via the download parameter to index.php.

7.8CVSS7.4AI score0.79832EPSS

CVE•added 2024/07/19 8:15 p.m.•35 views

CVE-2024-41597

Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to execute arbitrary code via a crafted HTML file to the comments functionality.

4.2CVSS7.9AI score0.00024EPSS

CVE•added 2024/01/24 9:15 p.m.•34 views

CVE-2023-24676

An issue found in ProcessWire 3.0.210 allows attackers to execute arbitrary code and install a reverse shell via the download_zip_url parameter when installing a new module. NOTE: this is disputed because exploitation requires that the attacker is able to enter requests as an admin; however, a Proc...

7.2CVSS7.2AI score0.00087EPSS